What the Adobe hack means

40 odd GB of Adobe source code & 2.5M Account holders credit cards have been found on the internet, that’s pretty poor information security. It was discovered by Krebbs a blogger & security expert not announced by Adobe themselves who had known for 4 weeks prior that something had happened.

So what could a criminal do with that little lot?

Piracy

Adobe costs a small fortune and calls home to validate so with the source code you could remove that requirement and sell the product on the black market

Fraud & Identity Theft

Adobe accounts have Credit Cards and User identification details. Some of which were encrypted (card numbers) the rest of which not so much. Obviously beware the phishing around the change of password for your account type. Also How often do you use the same user name/email/password across multiple sites? It doesn’t help if Gmail thinks it’s spam!

Hacker compromise.

Adobe products have always been a bit of a security issue. Poisoning a PDF is a VERY popular way to compromise a PC.

With the source code a hacker will know how to subvert any inbuilt security checks. Sure a hacker could use a fuzzer & debug the program, but looking at the source is so much easier.

They may also have had away with some of the root signing and certification keys, this means that exploits that could have been picked up by malware or antivirus scanners will see valid signed document/program/code from a trusted certificate and ignore it.

I’d have left some form of backdoor into Adobe and I’m sure they will have. This will spread the fear through the internal IT & development infrastructure at Adobe so I’m not holding my breath for Adobe Acrobat XII to be released any time soon.